Apple didn’t unveil any new hardware at WWDC 2018, but they did introduce some interesting new privacy features for iOS 12 and the new macOS Mojave. While this part of their demonstration was particularly focused on additions to their Intelligent Tracking Prevention (the anti-tracking tools that first appeared in High Sierra), they are tightening up a few other areas as well, like passwords and app permissions. None of these are really revolutionary changes, but they do two things very well: they make complex privacy concepts accessible to average users, and they show that Apple is trying to put itself out in front of the privacy debate.

What are these new features?

Cookie warnings: if a website tries to access your Safari browser cookies (little pieces of data that websites use to track you), Safari will automatically notify you and ask for your permission. What’s interesting is that this includes third-party cookies, which are things like Facebook’s Like button – it’s embedded on a non-Facebook site but is still sending data about you back to the company. iOS 12 and Mojave will both notify users about these and restrict what they can do on pages.

Anti-fingerprinting:Fingerprinting hasn’t made many headlines yet, but it is possibly even more invasive than third-party cookies. Websites scan for information they can use to identify you – browser, operating system, installed fonts, plug-ins, etc. – and put it all together to create a tracking profile. Apple’s new versions of Safari are aiming to make your browser indistinguishable from any other Mac user, making your browser’s fingerprint harder to track.

Password managers/auditing: Apple is getting into the password-management game, making it easy for you to randomly generate and store secure passwords across devices. It can even analyze your choice of passwords and, if you’re reusing one, give you a heads-up that maybe you should think of something different.

Tighter access control: We’re used to having adjustable app permissions on our phones, so why not our computers as well? Apple is building permissioning systems into Mojave, requiring user permission before allowing programs to access cameras, microphones, email, browsing data, and other personal information.

How useful are they?

The biggest perk of these new features is how user-friendly they are. Apple has always been good at organically integrating complex features, and one of the reasons their products are popular is that you don’t have to think too much about how to improve your experience. Unless you care deeply about privacy, though, your daily life won’t change much when you upgrade to Mojave/iOS 12. You’ll just get a few more “OK” buttons to click and a few more boxes to check. In the long run, though, these upgrades will let more users keep their data where they want it.

If you’re really into online security, though, you’ll also notice some missing features. Apple hasn’t announced any plans to stop third-party scripts from tracking you, and pixel tracking is still around as well. Browsers like Firefox, Chrome, Opera, or Brave still offer more options for anyone who wants maximum browsing protection.

Conclusion: What’s Apple up to with all this?

Apple has been upping their privacy game for quite a while now, and while they’re not necessarily better at it, they are one of the few major tech companies out there that doesn’t really monetize your data. Apple ensures that whatever it has on you isn’t personally identifiable (Differential Privacy), encrypts your messages by default, maintains strict standards for their app ecosystem, and has been putting limits on third-party cookies since macOS Sierra and iOS 11. Of course, they’re not perfect. They’ve had their share of breaches and data troubles, but they’ve even bucked the FBI’s authority when asked to violate user privacy in the past.

With Cambridge Analytica still fresh on everyone’s minds, Apple has found itself in a great position to market their privacy practices as a valuable part of their products. They’ve also raised some eyebrows by announcing their intention to tackle the problem of technology addiction with tools that help you monitor how much you’re using your phone – again, with a nod to social media services like Instagram that would like you to spend more time with them.

Of course, pretty much everything Apple is doing can already be done by anyone with a little paranoia and an intermediate level of general Internet knowledge, but not everyone has the time or energy to become an expert in online security. Apple has been falling a little behind the curve on the hardware front, as computers and phones are gradually converging towards the same high standards, but user-friendly privacy may turn out to be one of their most appealing new features.

2 comments

With iOS 12 and Mojave, Apple will deny third parties access to user data. Is Apple included on the list of those third parties? Or is Apple putting up another wall around its user community so it (Fruitco) can have exclusive access to their users’ data?

AFAIK, Metadata from every picture by an iDevice is sent back to their servers. Every SMS/MMS is stored on their servers. Apple employees have been caught leaking iCloud account info. Virtually everything done on an iPhone/iPad is tracked and recorded. iOS makes Win10 look secure.

Well, they’ve pretty much always denied third parties direct access to user data–the big thing now is about third-party tracking cookies, which are out of Apple’s control. They’re the first major manufacturer to target them (though browser add-ons fulfilling the same function have been around for a while).

I couldn’t find anything about them collecting photo metadata–is there a source for that?

The SMS/MMS’s aren’t stored on Apple’s servers. iMessages especially can be end-to-end encrypted, and Apple only stores timestamps, device types, and a few other pieces of metadata that they delete after 30 days; nothing personally identifiable, and nothing that they actively use for any other purpose than figuring out whether the message you’re sending is going to another iMessage user or if it’s going via normal SMS lines. If a government agency contacts them within 30 days, though, they may hand over that data. They don’t store any message content at all, though, especially not if it’s E2E encrypted–even Apple can’t read your encrypted message.

The iCloud account info has mostly been due to third-party malicious hacks, which is an indictment of Apple’s security practices, but not necessarily of their philosophy. The details of the Apple employee threatening to leak a Chinese customer’s info aren’t fully known, but it’s the same as any other centralized system–there will always be people who CAN access your data; it’s up to the governance structure of the company to make sure they don’t. That’s why I’m much more an advocate for decentralized systems than centralized ones–privacy and security shouldn’t be left in the hands of human actors.

While nothing is 100% certain, it’s almost definitely not true that everything done on iPhones/iPads is being tracked and recorded–the closest that anything comes to that is Apple’s “Significant Locations” feature that keeps track of your most visited places to optimize location data and suggestions. I’m not personally an Apple product fan, but I haven’t seen anything to indicate that level of surveillance. What they probably do keep is a standard user profile, and after a few security worries over the past years all that stuff has been encrypted and more user control over the data in it has been added.

As far as security, iOS isn’t super comparable to Windows 10–one is mobile and the other is PC–but honestly, pretty much every major OS out there is about as secure as the next. Windows 10, Mojave, iOS 12, most Linux distributions–they’ve all got problems, but in general they’ve converged towards a pretty high level of security and user control. The most trouble these systems generally get into is when they’re older OS versions or they haven’t been patched against new security risks; some of our most critical infrastructure in the US runs on Windows XP because the custom-written programs can’t run on anything else, and if those computers aren’t airgapped, they could be taken down way too quickly because they’re no longer protected. All the systems have their pros and cons, but Apple is definitely ahead on privacy and is at least on par with security.